Skip to main content

Recursor

29 CVEs product

Monthly

CVE-2026-42389 MEDIUM PATCH This Month

DNS response manipulation in PowerDNS Recursor 5.4.x allows network-positioned attackers to inject false DNS records through insufficient validation of answers received from authoritative servers, resulting in low-integrity violations in name resolution for downstream clients. The 5.4.x branch received hardening patches per PowerDNS advisory 2026-08 to close this validation gap. No public exploit has been identified at time of analysis and the vulnerability is not listed in the CISA KEV catalog.

Information Disclosure Recursor Suse
NVD VulDB
CVSS 3.1
5.3
EPSS
0.2%
CVE-2026-52690 MEDIUM PATCH This Month

DNSSEC validation in PowerDNS Recursor can be silently undermined by network-positioned attackers who spoof DNS replies to trick the Recursor into permanently marking a legitimate authoritative server's IP as EDNS-incapable. Once that state is poisoned, the Recursor is unable to perform proper DNSSEC validation for any zones served by that authoritative server, effectively disabling a critical security layer for downstream clients. No active exploitation has been confirmed by CISA KEV, and no public proof-of-concept has been identified at time of analysis; however, the attack complexity is rated High due to the spoofing prerequisite.

Recursor Authentication Bypass Suse
NVD
CVSS 3.1
5.9
EPSS
0.4%
CVE-2026-42390 MEDIUM PATCH This Month

ZONEMD validation bypass in PowerDNS Recursor allows a cryptographically invalid DNS zone to be accepted as legitimate when ZoneToCache is configured with ZONEMD validation enabled. This undermines the integrity guarantee that ZONEMD is designed to provide - an attacker capable of serving a crafted zone to the resolver (e.g., via a rogue authoritative source or network interception) can cause the recursor to cache and serve tampered DNS data. No public exploit code has been identified and exploitation is not confirmed in CISA KEV; real-world risk is constrained by the non-default configuration prerequisite.

Information Disclosure Recursor Suse
NVD VulDB
CVSS 3.1
5.3
EPSS
0.2%
CVE-2026-42388 MEDIUM PATCH This Month

PowerDNS Recursor crashes when processing a malformed SOA record within a catalog zone, resulting in a denial of service for all DNS resolution handled by the affected instance. The CVSS vector (AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H) confirms network-reachable unauthenticated exploitation, but high attack complexity reflects the non-default catalog zone configuration required. No public exploit identified at time of analysis, and the vulnerability is not listed in the CISA KEV catalog.

Denial Of Service Recursor Suse
NVD
CVSS 3.1
5.9
EPSS
0.4%
CVE-2026-42387 MEDIUM PATCH This Month

PowerDNS Recursor crashes when a malicious authoritative DNS server serves a crafted zone via the ZoneToCache function, exploiting insufficient input validation to cause a denial of service. The CVSS vector (AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H) confirms this is a remotely triggerable availability-only impact, though high attack complexity reflects the prerequisite of controlling or compromising an authoritative name server in the resolution path. No public exploit code has been identified at time of analysis, and no KEV listing exists, but the impact on DNS infrastructure availability makes this a meaningful operational risk for affected deployments.

Denial Of Service Recursor Suse
NVD VulDB
CVSS 3.1
5.9
EPSS
0.4%
CVE-2026-40012 MEDIUM PATCH This Month

Improper packet cache handling in PowerDNS Recursor causes ECS zero-scoped DNS answers to be stored in the cache when they should be discarded or handled as global entries, creating an information disclosure pathway. All Recursor versions (cpe:2.3:a:powerdns:recursor:*:*:*:*:*:*:*:*) are affected, but only deployments with EDNS Client Subnet (ECS) explicitly enabled are exposed. The CVSS score of 5.3 with a network vector and no required privileges reflects that any DNS client can trigger the improper caching behavior, though real-world impact is bounded by the non-default ECS configuration requirement. No public exploit code has been identified and the vulnerability is not listed in the CISA KEV catalog.

Information Disclosure Recursor Suse
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2026-24027 MEDIUM This Month

Crafted zones can lead to increased incoming network traffic. [CVSS 5.3 MEDIUM]

Information Disclosure Recursor
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-0398 MEDIUM This Month

DNS recursive resolver denial-of-service via crafted zones and CNAME chain manipulation allows unauthenticated attackers to exhaust server resources and potentially poison the resolver's cache. The vulnerability affects Recursor instances exposed to untrusted DNS queries, enabling attackers to degrade performance or compromise DNS resolution integrity. No patch is currently available.

Denial Of Service Recursor
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-59024 MEDIUM This Month

Crafted delegations or IP fragments can poison cached delegations in Recursor. [CVSS 6.5 MEDIUM]

Information Disclosure Recursor
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-59023 HIGH This Week

Crafted delegations or IP fragments can poison cached delegations in Recursor. [CVSS 8.2 HIGH]

Information Disclosure Recursor
NVD
CVSS 3.1
8.2
EPSS
0.0%
CVE-2023-26437 MEDIUM This Month

Denial of service vulnerability in PowerDNS Recursor allows authoritative servers to be marked unavailable.6.5, through 4.7.4 , through 4.8.3. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Recursor
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2023-22617 HIGH This Week

A remote attacker might be able to cause infinite recursion in PowerDNS Recursor 4.8.0 via a DNS query that retrieves DS records for a misconfigured domain, because QName minimization is used in QM. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Recursor
NVD
CVSS 3.1
7.5
EPSS
7.3%
CVE-2022-37428 MEDIUM This Month

PowerDNS Recursor up to and including 4.5.9, 4.6.2 and 4.7.1, when protobuf logging is enabled, has Improper Cleanup upon a Thrown Exception, leading to a denial of service (daemon crash) via a DNS. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Recursor Fedora
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2022-27227 HIGH PATCH This Week

In PowerDNS Authoritative Server before 4.4.3, 4.5.x before 4.5.4, and 4.6.x before 4.6.1 and PowerDNS Recursor before 4.4.8, 4.5.x before 4.5.8, and 4.6.x before 4.6.1, insufficient validation of an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Authoritative Server Recursor Fedora
NVD
CVSS 3.1
7.5
EPSS
4.9%
CVE-2020-25829 HIGH This Week

An issue has been found in PowerDNS Recursor before 4.1.18, 4.2.x before 4.2.5, and 4.3.x before 4.3.5. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Recursor Backports Sle Leap
NVD
CVSS 3.1
7.5
EPSS
6.5%
CVE-2020-14196 MEDIUM This Month

In PowerDNS Recursor versions up to and including 4.3.1, 4.2.2 and 4.1.16, the ACL restricting access to the internal web server is not properly enforced. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Recursor
NVD
CVSS 3.1
5.3
EPSS
1.7%
CVE-2020-10995 HIGH This Week

PowerDNS Recursor from 4.1.0 up to and including 4.3.0 does not sufficiently defend against amplification attacks. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Recursor Fedora Debian Linux Backports Sle +1
NVD
CVSS 3.1
7.5
EPSS
4.4%
CVE-2020-10030 HIGH This Week

An issue has been found in PowerDNS Recursor 4.1.0 up to and including 4.3.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow RCE Denial Of Service Information Disclosure Recursor
NVD
CVSS 3.1
8.8
EPSS
23.9%
CVE-2020-12244 HIGH This Week

An issue has been found in PowerDNS Recursor 4.1.0 through 4.3.0 where records in the answer section of a NXDOMAIN response lacking an SOA were not properly validated in SyncRes::processAnswer,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jwt Attack Authentication Bypass Recursor Fedora Debian Linux +2
NVD
CVSS 3.1
7.5
EPSS
2.4%
CVE-2019-3807 CRITICAL Act Now

An issue has been found in PowerDNS Recursor versions 4.1.x before 4.1.9 where records in the answer section of responses received from authoritative servers with the AA flag not set were not. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Recursor
NVD
CVSS 3.0
9.8
EPSS
0.4%
CVE-2019-3806 HIGH This Week

An issue has been found in PowerDNS Recursor versions after 4.1.3 before 4.1.9 where Lua hooks are not properly applied to queries received over TCP in some specific combination of settings, possibly. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Recursor
NVD
CVSS 3.1
8.1
EPSS
1.5%
CVE-2018-16855 HIGH This Week

An issue has been found in PowerDNS Recursor before version 4.1.8 where a remote attacker sending a DNS query can trigger an out-of-bounds memory read while computing the hash of the query for a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Recursor
NVD
CVSS 3.0
7.5
EPSS
59.5%
CVE-2018-14626 HIGH This Week

PowerDNS Authoritative Server 4.1.0 up to 4.1.4 inclusive and PowerDNS Recursor 4.0.0 up to 4.1.4 inclusive are vulnerable to a packet cache pollution via crafted query that can lead to denial of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Authoritative Recursor
NVD
CVSS 3.0
7.5
EPSS
2.7%
CVE-2018-10851 HIGH This Week

PowerDNS Authoritative Server 3.3.0 up to 4.1.4 excluding 4.1.5 and 4.0.6, and PowerDNS Recursor 3.2 up to 4.1.4 excluding 4.1.5 and 4.0.9, are vulnerable to a memory leak while parsing malformed. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Authoritative Recursor
NVD
CVSS 3.0
7.5
EPSS
6.0%
CVE-2018-14644 MEDIUM This Month

An issue has been found in PowerDNS Recursor from 4.0.0 up to and including 4.1.4. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Recursor
NVD
CVSS 3.0
5.9
EPSS
4.8%
CVE-2018-1000003 LOW Monitor

Improper input validation bugs in DNSSEC validators components in PowerDNS version 4.1.0 allow attacker in man-in-the-middle position to deny existence of some data in DNS via packet replay. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Recursor
NVD
CVSS 3.0
3.7
EPSS
1.3%
CVE-2015-5470 HIGH PATCH This Week

The label decompression functionality in PowerDNS Recursor before 3.6.4 and 3.7.x before 3.7.3 and Authoritative (Auth) Server before 3.3.3 and 3.4.x before 3.4.5 allows remote attackers to cause a. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Authoritative Recursor
NVD
CVSS 2.0
7.8
EPSS
0.0%
CVE-2015-1868 HIGH This Week

The label decompression functionality in PowerDNS Recursor 3.5.x, 3.6.x before 3.6.3, and 3.7.x before 3.7.2 and Authoritative (Auth) Server 3.2.x, 3.3.x before 3.3.2, and 3.4.x before 3.4.4 allows. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Authoritative Fedora Recursor
NVD
CVSS 2.0
7.8
EPSS
0.5%
CVE-2014-8601 MEDIUM This Month

PowerDNS Recursor before 3.6.2 does not limit delegation chaining, which allows remote attackers to cause a denial of service ("performance degradations") via a large or infinite number of referrals,. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Debian Linux Recursor
NVD
CVSS 2.0
5.0
EPSS
0.8%
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

DNS response manipulation in PowerDNS Recursor 5.4.x allows network-positioned attackers to inject false DNS records through insufficient validation of answers received from authoritative servers, resulting in low-integrity violations in name resolution for downstream clients. The 5.4.x branch received hardening patches per PowerDNS advisory 2026-08 to close this validation gap. No public exploit has been identified at time of analysis and the vulnerability is not listed in the CISA KEV catalog.

Information Disclosure Recursor Suse
NVD VulDB
EPSS 0% CVSS 5.9
MEDIUM PATCH This Month

DNSSEC validation in PowerDNS Recursor can be silently undermined by network-positioned attackers who spoof DNS replies to trick the Recursor into permanently marking a legitimate authoritative server's IP as EDNS-incapable. Once that state is poisoned, the Recursor is unable to perform proper DNSSEC validation for any zones served by that authoritative server, effectively disabling a critical security layer for downstream clients. No active exploitation has been confirmed by CISA KEV, and no public proof-of-concept has been identified at time of analysis; however, the attack complexity is rated High due to the spoofing prerequisite.

Recursor Authentication Bypass Suse
NVD
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

ZONEMD validation bypass in PowerDNS Recursor allows a cryptographically invalid DNS zone to be accepted as legitimate when ZoneToCache is configured with ZONEMD validation enabled. This undermines the integrity guarantee that ZONEMD is designed to provide - an attacker capable of serving a crafted zone to the resolver (e.g., via a rogue authoritative source or network interception) can cause the recursor to cache and serve tampered DNS data. No public exploit code has been identified and exploitation is not confirmed in CISA KEV; real-world risk is constrained by the non-default configuration prerequisite.

Information Disclosure Recursor Suse
NVD VulDB
EPSS 0% CVSS 5.9
MEDIUM PATCH This Month

PowerDNS Recursor crashes when processing a malformed SOA record within a catalog zone, resulting in a denial of service for all DNS resolution handled by the affected instance. The CVSS vector (AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H) confirms network-reachable unauthenticated exploitation, but high attack complexity reflects the non-default catalog zone configuration required. No public exploit identified at time of analysis, and the vulnerability is not listed in the CISA KEV catalog.

Denial Of Service Recursor Suse
NVD
EPSS 0% CVSS 5.9
MEDIUM PATCH This Month

PowerDNS Recursor crashes when a malicious authoritative DNS server serves a crafted zone via the ZoneToCache function, exploiting insufficient input validation to cause a denial of service. The CVSS vector (AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H) confirms this is a remotely triggerable availability-only impact, though high attack complexity reflects the prerequisite of controlling or compromising an authoritative name server in the resolution path. No public exploit code has been identified at time of analysis, and no KEV listing exists, but the impact on DNS infrastructure availability makes this a meaningful operational risk for affected deployments.

Denial Of Service Recursor Suse
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Improper packet cache handling in PowerDNS Recursor causes ECS zero-scoped DNS answers to be stored in the cache when they should be discarded or handled as global entries, creating an information disclosure pathway. All Recursor versions (cpe:2.3:a:powerdns:recursor:*:*:*:*:*:*:*:*) are affected, but only deployments with EDNS Client Subnet (ECS) explicitly enabled are exposed. The CVSS score of 5.3 with a network vector and no required privileges reflects that any DNS client can trigger the improper caching behavior, though real-world impact is bounded by the non-default ECS configuration requirement. No public exploit code has been identified and the vulnerability is not listed in the CISA KEV catalog.

Information Disclosure Recursor Suse
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

Crafted zones can lead to increased incoming network traffic. [CVSS 5.3 MEDIUM]

Information Disclosure Recursor
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

DNS recursive resolver denial-of-service via crafted zones and CNAME chain manipulation allows unauthenticated attackers to exhaust server resources and potentially poison the resolver's cache. The vulnerability affects Recursor instances exposed to untrusted DNS queries, enabling attackers to degrade performance or compromise DNS resolution integrity. No patch is currently available.

Denial Of Service Recursor
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Crafted delegations or IP fragments can poison cached delegations in Recursor. [CVSS 6.5 MEDIUM]

Information Disclosure Recursor
NVD
EPSS 0% CVSS 8.2
HIGH This Week

Crafted delegations or IP fragments can poison cached delegations in Recursor. [CVSS 8.2 HIGH]

Information Disclosure Recursor
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

Denial of service vulnerability in PowerDNS Recursor allows authoritative servers to be marked unavailable.6.5, through 4.7.4 , through 4.8.3. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Recursor
NVD
EPSS 7% CVSS 7.5
HIGH This Week

A remote attacker might be able to cause infinite recursion in PowerDNS Recursor 4.8.0 via a DNS query that retrieves DS records for a misconfigured domain, because QName minimization is used in QM. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Recursor
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

PowerDNS Recursor up to and including 4.5.9, 4.6.2 and 4.7.1, when protobuf logging is enabled, has Improper Cleanup upon a Thrown Exception, leading to a denial of service (daemon crash) via a DNS. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Recursor Fedora
NVD
EPSS 5% CVSS 7.5
HIGH PATCH This Week

In PowerDNS Authoritative Server before 4.4.3, 4.5.x before 4.5.4, and 4.6.x before 4.6.1 and PowerDNS Recursor before 4.4.8, 4.5.x before 4.5.8, and 4.6.x before 4.6.1, insufficient validation of an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Authoritative Server Recursor +1
NVD
EPSS 7% CVSS 7.5
HIGH This Week

An issue has been found in PowerDNS Recursor before 4.1.18, 4.2.x before 4.2.5, and 4.3.x before 4.3.5. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Recursor Backports Sle +1
NVD
EPSS 2% CVSS 5.3
MEDIUM This Month

In PowerDNS Recursor versions up to and including 4.3.1, 4.2.2 and 4.1.16, the ACL restricting access to the internal web server is not properly enforced. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Recursor
NVD
EPSS 4% CVSS 7.5
HIGH This Week

PowerDNS Recursor from 4.1.0 up to and including 4.3.0 does not sufficiently defend against amplification attacks. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Recursor Fedora +3
NVD
EPSS 24% CVSS 8.8
HIGH This Week

An issue has been found in PowerDNS Recursor 4.1.0 up to and including 4.3.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow RCE Denial Of Service +2
NVD
EPSS 2% CVSS 7.5
HIGH This Week

An issue has been found in PowerDNS Recursor 4.1.0 through 4.3.0 where records in the answer section of a NXDOMAIN response lacking an SOA were not properly validated in SyncRes::processAnswer,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jwt Attack Authentication Bypass Recursor +4
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

An issue has been found in PowerDNS Recursor versions 4.1.x before 4.1.9 where records in the answer section of responses received from authoritative servers with the AA flag not set were not. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Recursor
NVD
EPSS 1% CVSS 8.1
HIGH This Week

An issue has been found in PowerDNS Recursor versions after 4.1.3 before 4.1.9 where Lua hooks are not properly applied to queries received over TCP in some specific combination of settings, possibly. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Recursor
NVD
EPSS 59% CVSS 7.5
HIGH This Week

An issue has been found in PowerDNS Recursor before version 4.1.8 where a remote attacker sending a DNS query can trigger an out-of-bounds memory read while computing the hash of the query for a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Recursor
NVD
EPSS 3% CVSS 7.5
HIGH This Week

PowerDNS Authoritative Server 4.1.0 up to 4.1.4 inclusive and PowerDNS Recursor 4.0.0 up to 4.1.4 inclusive are vulnerable to a packet cache pollution via crafted query that can lead to denial of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Authoritative Recursor
NVD
EPSS 6% CVSS 7.5
HIGH This Week

PowerDNS Authoritative Server 3.3.0 up to 4.1.4 excluding 4.1.5 and 4.0.6, and PowerDNS Recursor 3.2 up to 4.1.4 excluding 4.1.5 and 4.0.9, are vulnerable to a memory leak while parsing malformed. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Authoritative Recursor
NVD
EPSS 5% CVSS 5.9
MEDIUM This Month

An issue has been found in PowerDNS Recursor from 4.0.0 up to and including 4.1.4. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Recursor
NVD
EPSS 1% CVSS 3.7
LOW Monitor

Improper input validation bugs in DNSSEC validators components in PowerDNS version 4.1.0 allow attacker in man-in-the-middle position to deny existence of some data in DNS via packet replay. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Recursor
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

The label decompression functionality in PowerDNS Recursor before 3.6.4 and 3.7.x before 3.7.3 and Authoritative (Auth) Server before 3.3.3 and 3.4.x before 3.4.5 allows remote attackers to cause a. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Authoritative Recursor
NVD
EPSS 1% CVSS 7.8
HIGH This Week

The label decompression functionality in PowerDNS Recursor 3.5.x, 3.6.x before 3.6.3, and 3.7.x before 3.7.2 and Authoritative (Auth) Server 3.2.x, 3.3.x before 3.3.2, and 3.4.x before 3.4.4 allows. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Authoritative Fedora +1
NVD
EPSS 1% CVSS 5.0
MEDIUM This Month

PowerDNS Recursor before 3.6.2 does not limit delegation chaining, which allows remote attackers to cause a denial of service ("performance degradations") via a large or infinite number of referrals,. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Debian Linux Recursor
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy